Verification Notes
Get All Verification Notes
This endpoint returns a list of Verification Note resources for a specific project task.
GET /api/v2/projects/{project_id}/tasks/{task_id}/analysis-notes/
GET /api/v2/projects/1936/tasks/1-T2/analysis-notes/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [{
"id": 875,
"analysis_session": 334,
"analysis_type": {
"slug": "manual",
"name": "Manual Verification"
},
"behaviour": "replace",
"confidence": "high",
"created": "2015-03-26T19:50:46.348000Z",
"findings": {},
"finding_ref": "my_ref",
"status": "pass",
"automatic": true,
"updated": "2015-06-05T02:55:54.231254Z",
"updater": {
"id": 599,
"email": "user@example.com",
"first_name": "Bob",
"last_name": "Smith"
}
}]
}
Get a Specific Verification Note
This endpoint returns a specific Verification Note resource.
GET /api/v2/projects/{project_id}/tasks/{task_id}/analysis-notes/{note_id}/
GET /api/v2/projects/1936/tasks/1-T2/analysis-notes/682/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": 875,
"analysis_session": 334,
"analysis_type": {
"slug": "manual",
"name": "Manual Verification"
},
"behaviour": "replace",
"confidence": "high",
"created": "2015-03-26T19:50:46.348000Z",
"findings": {},
"finding_ref": "my_ref",
"status": "pass",
"automatic": true,
"updated": "2015-06-05T02:55:54.231254Z",
"updater": {
"id": 599,
"email": "user@example.com",
"first_name": "Bob",
"last_name": "Smith"
}
}
Create a Verification Note
This endpoint creates a single Verification Note resource.
POST /api/v2/projects/{project_id}/tasks/{task_id}/analysis-notes/
| Fields | Required | Description |
|---|---|---|
| analysis_session | No | The ID of the related Verification Session. If this value is not set, it is considered a manual verification. |
| behaviour | Yes | See Behavior section below. |
| confidence | Yes | "high" or "low" |
| findings | Yes | JSON array representing verification findings. At least one finding is required when creating an automatic verification with a status of "fail". Keys required: desc and count |
| finding_ref | No | |
| status | Yes | One of "pass", "partial", "fail", or "none". "None" status can only be used in a manual verification. |
| task_status_mapping | No | See Countermeasure Status Mapping section below. |
Behavior
| Value | Description |
|---|---|
| combine | Combine with all previous results |
| replace-scanner | Overwrite previous results from this tool |
| replace | Overwrite all previous result |
Countermeasure Status Mapping
You can provide an object that maps Verification Note statuses to Task Statuses.
SD Elements will then use this mapping object to automatically change the status of the associated task based on the status of the Verification Note.
The object format is:
{ "<note_status>": "<task_status_slug>", ...etc... }
An example:
{ "pass": "DONE", "fail": "TODO" }
POST /api/v2/projects/1/tasks/1-T12/analysis-notes/
HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"analysis_session": 334,
"behaviour": "replace",
"confidence": "high",
"findings": [],
"finding_ref": "my_ref",
"status": "pass"
}
HTTP/1.1 201 CREATED
Content-Type: application/json
{
"id": 875,
"analysis_session": 334,
"analysis_type": {
"slug": "manual",
"name": "Manual Verification"
},
"behaviour": "replace",
"confidence": "high",
"created": "2015-03-26T19:50:46.348000Z",
"findings": [
{
"desc":"Incorrect code spelling","count":"5"
},
{
"desc":"Incorrect security id","count":"10"
}
],
"finding_ref": "my_ref",
"status": "pass",
"automatic": true,
"updated": "2015-06-05T02:55:54.231254Z",
"updater": {
"id": 599,
"email": "user@example.com",
"first_name": "Bob",
"last_name": "Smith"
}
}